b'DEPARTMENT OF HOMELAND SECURITY\n\n              Office of Inspector General\n\n\n                Disaster Recovery Planning for\n                  DHS Information Systems\n                     Needs Improvement\n                          (Redacted)\n\n\n\n\nNotice: The Department of Homeland Security, Office Inspector General, has redacted this\nreport for public release. The redactions are identified as (b)(2), comparable to 5 U.S.C. \xc2\xa7\n552 (b)(2). A review under the Freedom of Information Act will be conducted upon request.\n\n\n\n\n             Office of Information Technology\n                                                                    May 2005\n   OIG-05-22\n\x0c                                                                        Office of Inspector\n                                                                        General\n\n                                                                        U.S. Department of\n                                                                        Homeland Security\n                                                                        Washington, DC 20528\n\n\n\n\n                                             Preface\n\nThe Department of Homeland Security (DHS) Office of Inspector General (OIG) was\nestablished by the Homeland Security Act of 2002 (Public Law 107-296) by amendment\nto the Inspector General Act of 1978. This is one of a series of audit, inspection, and\nspecial reports prepared by the OIG as part of its DHS oversight responsibilities to\npromote economy, effectiveness, and efficiency within the department.\n\nThis report addresses the strengths and weaknesses of the DHS Information Technology\ndisaster recovery program. It is based on interviews with employees and officials of\nrelevant agencies and institutions, direct observations, and a review of applicable\ndocuments.\n\nThe recommendations herein have been developed to the best knowledge available to the\nOIG, and have been discussed in draft with those responsible for implementation. It is our\nhope that this report will result in more effective, efficient, and economical operations.\nWe express our appreciation to all of those who contributed to the preparation of this\nreport.\n\n\n\n\n                                             Richard L. Skinner\n                                             Acting Inspector General\n\x0cContents\n\n\n  Introduction.................................................................................................................. 3\n\n  Executive Summary ..................................................................................................... 4\n\n  Background .................................................................................................................. 4\n\n  Results of Audit ........................................................................................................... 7\n\n          Disaster Recovery Sites Are Inadequate............................................................. 7\n\n          Disaster Recovery Documentation Needs Improvement.................................. 13\n\n          DHS Does Not Have an Enterprise-Wide Disaster Recovery Program ........... 14\n\n  Recommendations....................................................................................................... 16\n\n  Management Comments and Our Evaluation ............................................................. 16\n\n\nAppendices\n  Appendix A:            Purpose, Scope, and Methodology .................................................... 18\n  Appendix B:            Management\xe2\x80\x99s Response.................................................................. 20\n  Appendix C:            DHS Facilities Reviewed ................................................................. 23\n  Appendix D:            Disaster Recovery Planning Documents Reviewed ......................... 25\n  Appendix E:            Major Contributors to This Report................................................... 30\n  Appendix F:            Report Distribution........................................................................... 31\n\n\nAbbreviations\n  BTS                            Border and Transportation Security\n  CBP                            Customs and Border Protection\n  CIO                            Chief Information Officer\n  Coast Guard                    United States Coast Guard\n  COOP                           Continuity of Operations\n  DCC                            Data Center Consolidation\n  DHS                            Department of Homeland Security\n  DHS Management                 DHS Management Directorate\n  EIB                            Enterprise Infrastructure Board\n  FEMA                           Federal Emergency Management Agency\n\n                               DHS Disaster Recovery Planning Needs Improvement\n\n\n                                                           Page 1\n\x0cContents\n\n FLETC              Federal Law Enforcement Training Center\n FPC                Federal Preparedness Circular\n ICE                Immigration and Customs Enforcement\n IAIP               Information Analysis and Infrastructure Protection\n IT                 Information Technology\n IV&V               Independent Verification and Validation\n NIST               National Institute of Standards and Technology\n OIG                Office of Inspector General\n OMB                Office of Management and Budget\n SP                 Special Publication\n Secret Service     United States Secret Service\n TSA                Transportation Security Administration\n\n\n\n\n                  DHS Disaster Recovery Planning Needs Improvement\n\n\n                                       Page 2\n\x0cOIG\nDepartment of Homeland Security\nOffice of Inspector General\n\n\n\nIntroduction\n                          The Department of Homeland Security (DHS) relies on a variety of\n                          critical Information Technology (IT) systems and technologies to\n                          support its wide-ranging missions, including counter-terrorism,\n                          border security, and infrastructure protection. DHS IT systems also\n                          allow employees to communicate internally and for the American\n                          public to communicate with the department. DHS must be able to\n                          recover its IT systems quickly and effectively following a service\n                          disruption or disaster in order to continue performing these mission\n                          essential functions. This audit focused on DHS\xe2\x80\x99 acquisition and\n                          management of disaster recovery alternate facilities for its critical\n                          IT systems.\n\n                          The Office of Inspector General (OIG) audited the IT disaster\n                          recovery capabilities for 19 DHS facilities, which were connected\n                          to the DHS network backbone.1 The objective of this audit was to\n                          evaluate the effectiveness of DHS\xe2\x80\x99 acquisition and management of\n                          disaster recovery alternate facilities for the support systems\n                          processed at selected facilities. Facilities selected for this audit\n                          represented each of the DHS components,2 with the exception of\n                          the Science and Technology Directorate3 and the United States\n                          Citizenship and Immigration Services.4 Audit fieldwork was\n                          performed in the Washington, DC area, and at several DHS\n                          locations around the country. See Appendix A for a discussion of\n                          our purpose, scope, and methodology.\n\n1\n  The \xe2\x80\x98backbone\xe2\x80\x99 is DHS\xe2\x80\x99 top-level, high-speed, data transmission telecommunications network. It serves\nas the major access point for telecommunications networks of DHS components.\n2\n  DHS \xe2\x80\x98components\xe2\x80\x99 are its directorates, including organizational elements and bureaus, and critical\nagencies.\n3\n  While the Science and Technology Directorate had facilities attached to the DHS network backbone, these\nfacilities did not have significant IT assets and were not included in the audit scope.\n4\n  The United States Citizenship and Immigration Services was not responsible for a facility attached to the\nDHS network backbone in November 2003.\n\n                           DHS Disaster Recovery Planning Needs Improvement\n\n\n                                                  Page 3\n\x0cExecutive Summary\n             DHS IT disaster recovery sites were not prepared to prevent\n             service disruptions from potentially hindering DHS\xe2\x80\x99 ability to\n             perform mission essential functions. Specifically, 15 of the 19\n             (79%) facilities reviewed did not have a recovery site - or the\n             recovery site was not fully operational. Additionally, while 4 of the\n             19 (21%) facilities had fully operational disaster recovery sites,\n             tests at those facilities revealed deficiencies that could adversely\n             impact recovery of critical IT systems. The inability to restore\n             DHS\xe2\x80\x99 critical IT systems following a disaster could have negative\n             effects on the performance of mission essential functions. These\n             potential effects include a disruption in passenger screening\n             operations, delays in processing grants in response to a disaster,\n             and delays in the flow of goods across U.S. borders.\n\n             Additionally, we evaluated the adequacy of disaster recovery\n             planning documents such as continuity of operations and\n             contingency plans. We identified deficiencies in 25 of the 31\n             (81%) documents reviewed. Thirteen of the 31 (42%) planning\n             documents had not been finalized.\n\n             These problems with disaster recovery are occurring in part\n             because DHS does not have a program in place to provide an\n             enterprise-wide disaster recovery solution. However, DHS\xe2\x80\x99 Chief\n             Information Officer (CIO) is studying the consolidation of the\n             department\xe2\x80\x99s data centers. This effort could be used to provide the\n             basis for an enterprise-wide disaster recovery capability.\n\n             We are recommending that the CIO: (1) allocate funds needed to\n             implement an enterprise-wide disaster recovery program for\n             mission critical systems; (2) require that disaster recovery\n             capabilities are included in the planning and implementation of\n             new systems; and (3) require that disaster recovery-related\n             documentation for mission critical systems be completed and\n             conform to current government standards.\nBackground\n             DHS\xe2\x80\x99 mission includes protecting the American people and their\n             homeland from terrorist attacks, reducing the vulnerability to\n             terrorism, and mitigating the damage resulting from disasters,\n             whether man-made or natural. IT assets at DHS facilities around\n\n\n             DHS Disaster Recovery Planning Needs Improvement\n\n\n                                  Page 4\n\x0cthe country support these missions. DHS must have a disaster\nrecovery capability in order to prevent minor disruptions or major\ndisasters from affecting its ability to perform essential services.\n\nIT systems can experience disruptions due to inherent\nvulnerabilities, such as disk drive failures or as the result of an\nexternal threat. However, even a minor disruption could become a\nmajor problem without adequate backup and recovery capability.\nFor example, a recent problem with a private sector company\xe2\x80\x99s\ndatabase application, combined with a manual backup system,\nresulted in the cancellation of hundreds of flights and disrupted the\nplans of thousands of traveling passengers.\n\nThe chance that a disruption may occur can be reduced through the\nimplementation of compensatory technical or managerial controls.\nHowever, IT systems also face the risk of a service disruption\ncaused by natural and man-made events that cannot be controlled.\nWhen there is a disruption, DHS must be able to recover its\nmission essential IT systems as quickly as possible. Restoring IT\nsystems may require relocating to an alternate site if the original\nfacility is destroyed, as occurred in the 1995 bombing of the Alfred\nP. Murrah Federal Building in Oklahoma City and the terrorist\nattacks on September 11, 2001. Relocating to an alternate site may\nbe necessary if the primary facility is rendered inaccessible, as\noccurred when legislative and postal facilities were contaminated\nduring the anthrax bio-terrorism attacks of 2001. Disaster recovery\nplanning includes identifying an alternate facility that is capable of\noperating those IT systems if the original facility cannot be used.\n\nAdditionally, depending on the threat, the identified alternate site\nmust be at a reasonable distance from the original facility. For\nexample, facilities that could be subject to terrorist activities may\nrequire an alternate facility outside the metropolitan area. Facilities\nthat are at high risk from natural disasters, such as hurricanes and\nearthquakes, may need an alternate facility outside their\ngeographic region.\n\nIt is the policy of the United States to have in place a\ncomprehensive and effective program to ensure continuity of\nessential federal functions under all circumstances. To support this\npolicy, the federal government has implemented the Continuity of\nOperations (COOP) Program. Today\xe2\x80\x99s changing threat\nenvironment and the potential for no-notice emergencies, including\nlocalized acts of nature, accidents, technological emergencies, and\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                     Page 5\n\x0cmilitary or terrorist attack-related incidents, have increased the\nneed for COOP capabilities and plans that enable agencies to\ncontinue their essential functions across a broad spectrum of\nemergencies. Responsibility for formulating guidance on these\nplans and for assessing executive branch capabilities lies with\nDHS\xe2\x80\x99 Emergency Preparedness and Response component and its\nFederal Emergency Management Agency (FEMA). This guidance,\nFederal Preparedness Circular (FPC) 65, Federal Executive Branch\nContinuity of Operations (COOP), was reissued by FEMA in June\n2004.\n\nFPC 65 provides guidance on the selection of an alternate facility\nand requires that federal departments identify their essential\nfunctions as well as the IT systems necessary to perform these\nfunctions. Additionally, FPC 65 defines various elements which\nmust be in a viable departmental COOP capability including:\n\n   \xe2\x80\xa2     Implementation without warning;\n   \xe2\x80\xa2     Operational within 12 hours of COOP activation;\n   \xe2\x80\xa2     Regularly scheduled testing, training, and exercising of\n         agency personnel, equipment, systems, processes, and\n         procedures used to support the agency during a COOP\n         event; and\n   \xe2\x80\xa2     Consideration of the distance of the alternate operating\n         facility from the primary facility.\n\nOther government-wide guidance in this area is included in the\nOffice of Management and Budget (OMB) Circular A-130,\nManagement of Federal Information Resources. OMB Circular A-\n130 establishes a minimum set of controls to be included in federal\nautomated information security programs, including the need to\nestablish and periodically test the capability to continue providing\nservice following a disruption to the IT system. OMB Circular\nA-130, at page 12 of Appendix III, emphasizes the need to test\nrecovery plans:\n\n       \xe2\x80\x9cExperience has shown that recovery plans that\n       are periodically tested are substantially more viable\n       than those that are not. Moreover, untested plans\n       may actually create a false sense of security.\xe2\x80\x9d\n\nAdditionally, the National Institute of Standards and Technology\xe2\x80\x99s\n(NIST) special publication 800-34, Contingency Planning Guide\nfor Information Technology Systems, provides guidance on what\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                      Page 6\n\x0c                information should be in a contingency plan, and recommends that\n                backup media should be stored off-site in a secure,\n                environmentally-controlled location. NIST SP 800-34 also notes\n                that the performance of a business impact analysis is a key step in\n                the contingency planning process. This analysis helps to correlate\n                specific system components with the essential services that they\n                provide; and to characterize the consequences of a disruption to the\n                system components on those essential services. The disruption\n                impacts and allowable outage times identified help to determine\n                the most cost-effective backup and recovery process for the\n                system.\n\n                Also, DHS provides disaster recovery guidance to its components\n                in its Sensitive Systems policy publication 4300A, Information\n                Technology Security Program. This DHS-wide guidance for\n                implementing disaster recovery procedures expands on FPC 65 and\n                OMB Circular A-130 testing guidance by requiring that DHS\n                components develop and maintain disaster recovery plans and that\n                these plans be tested/exercised annually. DHS 4300A also provides\n                broad guidance on the storage of backup tapes.\n\nResults of Audit\n  Disaster Recovery Sites Are Inadequate\n                The disaster recovery sites for the reviewed DHS facilities were\n                either not available, not fully operational, or had identified\n                deficiencies (See Appendix C, DHS Facilities Reviewed, for\n                details). The disaster recovery sites for all 19 facilities lacked\n                adequate capabilities to prevent service disruptions from\n                potentially affecting DHS\xe2\x80\x99 ability to either respond to a threat or to\n                mitigate the effects of a disaster. Specifically, there was no\n                identified recovery site for six of the 19 (32%) selected facilities.\n                At these six facilities there were a total of 383 servers and nine\n                mainframe systems.\n\n                DHS components also placed reliance on disaster recovery sites\n                that were not fully operational at nine of the 19 (47%) facilities.\n                There were a total of 500 servers at these nine facilities. These\n                alternate sites were not fully operational because they did not have\n                all the resources necessary to recover the functions at the original\n                facility.\n\n\n\n                   DHS Disaster Recovery Planning Needs Improvement\n\n\n                                        Page 7\n\x0c                           Additionally, only four of the 19 (21%) facilities, consisting of a\n                           total of eight mainframe systems and 390 servers, had operational\n                           disaster recovery sites and tested their disaster recovery planning.\n                           The disaster recovery testing at these four operational recovery\n                           sites revealed deficiencies that could adversely impact recovery of\n                           critical systems.\n\n                           DHS must be able to provide mission essential services with\n                           minimal disruption following a disaster. DHS recovery sites must\n                           be able to restore promptly the critical IT systems supporting these\n                           services. Without an adequate disaster recovery capability, a\n                           minor disruption or major disaster may affect DHS\xe2\x80\x99 ability to\n                           perform essential services.\n\n                           The impact on DHS of a disaster at one of these 19 facilities is\n                           dependent upon the duration of the failure and the importance of\n                           the IT systems operating at that facility. For example, if the facility\n                           contained mission critical systems, damage or destruction to those\n                           systems could have a debilitating impact on the ability of DHS to\n                           perform its essential functions and activities.\n\n                           Component A5\n\n                           Component A was responsible for two of the facilities without an\n                           identified disaster recovery site. The inability to access critical\n                           applications running on the 228 servers and nine mainframes at\n                           these Component A facilities could adversely impact security\n                           operations (b)\n                                        (b)\n                                       ------------------------- ------------, or delay recovery and\n                           coordination efforts to respond to an incident.\n\n                           Component A is using a managed services contract to provide IT\n                           services. This contract could be used to provide a disaster recovery\n                           capability for these two facilities; however, Component A does not\n                           have the funds available to task the contractor with providing this\n                           service. According to Component A officials, funding was not\n                           provided because of agency-wide funding issues. Component A\n                           officials also said that there was a requirement that the alternate\n                           site be part of the DHS data center consolidation project. However,\n                           the CIO\xe2\x80\x99s office has not provided guidance to the components on\n                           construction of alternate sites or a schedule of when the\n                           consolidated data centers would be available.\n5\n The Department of Homeland Security, Office Inspector General, has redacted the names of specific\ncomponents from this report for public release. The redactions are identified as (b)(2), comparable to 5\nU.S.C. \xc2\xa7 552 (b)(2). A review under the Freedom of Information Act will be conducted upon request.\n\n                            DHS Disaster Recovery Planning Needs Improvement\n\n\n                                                   Page 8\n\x0cA third Component A facility with four servers did not have a fully\noperational disaster recovery site. Recovery plans for these critical\nIT systems identify a remote Component A facility as the alternate\nsite. However, the identified site does not have all the equipment\nnecessary to act as a fully operational disaster recovery site. An\nextended disruption in the operation of the IT systems at this\nfacility could hinder the performance of some of Component A\xe2\x80\x99s\nmission essential functions.\n\nComponent B\n\nA Component B facility with 32 servers did not have an identified\nalternate site. While this deficiency has been reported to\nComponent B\xe2\x80\x99s management, additional funds had not been\nprovided to acquire a disaster recovery site. This facility is located\nin a geographic region subject to natural disasters. An inadequate\ndisaster recovery capability could hinder Component B\xe2\x80\x99s ability to\nrespond effectively to a demand for assistance in the disaster area.\n\nFurthermore, Component B was responsible for two additional\nfacilities that did not have fully operational disaster recovery sites.\nThe larger of these two Component B facilities, with 200 servers,\nhas a signed lease for an alternate disaster recovery site. However,\nas of April 2004, the implementation plan for this capability had\nnot been deployed or tested. Additionally, the alternate site for the\nsmaller facility, with 41 servers, is another Component B facility.\nAgain, the disaster recovery plans to implement this capability\nhave not been prepared or tested. A significant disruption in the\noperation of the IT systems at either facility may hinder the\n                                                  (b)(b)\nperformance of mission essential activities,------         - ------ ------ -\n(b)\n(b)\n----------------------------------- -----------------------------------\n\nComponent C\n\nWe, and our independent verification and validation (IV&V)\ncontractor, observed a disaster recovery test for a facility that\ncontained six mainframes and 180 servers. While Component C\nwas able to restore operations, the recovery time for one critical\nsystem did not meet the requirement established in the business\nimpact analysis. The minimal recovery time for this system was\nexceeded due to the time required to transfer backup tapes from\nComponent C\xe2\x80\x99s tape storage facility to the recovery site, combined\nwith the time required to restore the system with the tape backups.\n\n DHS Disaster Recovery Planning Needs Improvement\n\n\n                      Page 9\n\x0c                                    Component C was testing a data replication methodology as a\n                                    potential solution to this deficiency.\n\n                                    Other deficiencies existed that were related to Component C\xe2\x80\x99s use\n                                    of a commercial facility for recovery purposes. Specifically,\n                                    Component C personnel were pre-positioned at the recovery site\n                                    before the test began. Pre-positioning personnel ensured that all\n                                    critical staff were available for the scheduled test and enabled\n                                    Component C to meet recovery goals by reducing the recovery\n                                    time by several hours that would have been needed for travel.\n                                    Component C informed us that it could not perform an\n                                    unscheduled recovery test due to the need to schedule the test\n                                    times with the vendor.\n\n                                    Additionally, Component C\xe2\x80\x99s contract for this commercial facility\n                                    only allowed a set period of time for testing. When this scheduled\n                                    time elapsed, Component C had not completed all activities\n                                    associated with removing data from storage devices. Component C\n                                    then relied on the vendor to complete the data removal process.\n                                    Component C has taken steps to ensure that, in future tests, the\n                                    data removal process will be completed before Component C\n                                    leaves the facility.\n\n                                    Potential effects associated with an extended outage of the IT\n                                    systems running at the Component C facility include a disruption\n                                                                                   (b)\n                                    to the enforcement of laws governing-----------------------------------\n                                                                                                  (b)\n\n\n\n                                    (b)\n                                    ------------------------------------- ----------------------------------\n                                    (b)\n\n\n\n\n                                    ---------- - and excessive overtime. A disruption in processing\n                                    (b)\n\n\n\n\n                                    capability also could impact non-Component C users of these\n                                    systems, including the private sector, (b)     ------------ ------------ --------\n                                                                                                 (b)\n\n\n\n                                    (b)\n                                     (b)\n                                    ------------- ----------------------- ----------------------------- , as well as\n                                    other DHS components and federal agencies.\n\n                                    Component D\n\n                                    Component D was responsible for three facilities, containing a\n                                    total of 123 servers, which did not have an identified disaster\n                                    recovery site. Component D is working to identify an alternate site\n                                    and to provide the required resources for an adequate backup and\n                                    recovery capability for its critical systems. Failure of identified IT\n                                    equipment at these facilities could inhibit the ability of DHS\n(b)\n------------------------------------\n-\n(b)\n -- --- ---------- --- - - - - ---- --- - ----- -- - - - - - --- - ---- - ----------- -- -- - --- - - - - - ------ - -- -- -- ----- ---\n-- ---- --- - - - -- - --\n\n                                     DHS Disaster Recovery Planning Needs Improvement\n\n\n                                                                   Page 10\n\x0cemployees to perform mission essential functions or to\ncommunicate within DHS and with outside stakeholders.\n\nComponent D also used a contractor-owned facility that contained\n97 servers. Not all of the IT systems operating at this facility had\nbackup and recovery capabilities. During OIG fieldwork,\nComponent D took action to acquire and equip a separate DHS\nlocation to provide for a fully operational disaster recovery\ncapability. Access to DHS internet and intranet sites could be\nrestricted if a service disruption occurred at this facility before a\nfully functioning alternate site is implemented.\n\nComponent E\n\nA Component E facility contained 97 servers and two mainframes.\nComponent E tested its disaster recovery plans in conjunction with\nthe government-wide COOP exercise, Forward Challenge 04, in\nMay 2004. As a result of this effort, Component E identified a\nshortfall of IT assets and has been acquiring the necessary\nequipment to remedy the deficiency. Additionally, Component E\nhas undertaken efforts to acquire a recovery site that is at a more\nappropriate distance from its operating facility. An inadequate\ndisaster recovery capability may delay or prevent Component E\nfrom carrying out its mission functions efficiently or effectively\nduring a major catastrophe.\n\nComponent F\n\nComponent F is responsible for a facility with 94 servers and is in\nthe process of acquiring the use of a more distant disaster recovery\nsite. Component F had tested recovery plans and noted a need for\nhigher speed communication lines. Following our IV&V\ncontractor\xe2\x80\x99s review of this component\xe2\x80\x99s disaster recovery training,\ntesting, and exercise documentation, the contractor rated this\nfacility a Center of Excellence. The contractor cited the\nidentification and training of emergency personnel, the disaster\nplanning processes, the performance of risk assessments, and the\ninclusion of state and local responders in a recovery exercise as the\nbasis for this rating.\n\nA second Component F facility with 50 servers did not have a fully\noperational disaster recovery site. Recovery plans for these critical\nIT systems identify remote Component F facilities as the alternate\nsites. However, the identified sites do not have all the equipment\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                    Page 11\n\x0cnecessary to act as a fully operational disaster recovery sites. An\nextended disruption in the operation of the IT systems at this\nfacility could hinder the performance of some of Component F\xe2\x80\x99s\nmission essential functions.\n\nComponent G\n\nComponent G was responsible for two facilities that did not have\nfully operational disaster recovery sites. Component G plans to use\nan unfurnished DHS facility as an alternate site for one facility\nwith 14 servers. However, Component G is in the process of\npreparing and equipping this DHS facility to serve as a fully\noperational recovery site.\n\nA second Component G facility was contractor-owned, contained\n35 servers, and did not have a fully operational alternate site. Not\nall the functions of this second Component G facility could be\nrestored at the Component G contractor\xe2\x80\x99s disaster recovery site.\nAdditionally, Component G had not identified the funds necessary\nto equip this recovery site adequately, or to task the contractor with\nproviding all the necessary recovery services. The two Component\nG facilities contain IT systems, which cannot experience a\nsignificant disruption in their operation without hindering the\nperformance of some of Component G\xe2\x80\x99s mission essential\nfunctions.\n\nComponent H\n\nComponent H was responsible for one facility with 14 servers that\ndid not have a fully operational disaster recovery site. Component\nH plans on using a remote facility as a recovery site. Currently, the\nidentified site does not have all the equipment necessary to act as a\nfully operational disaster recovery site. However, Component H is\naugmenting this site as funds and resources become available. An\nextended disruption in the operation of the IT systems at\nComponent H\xe2\x80\x99s facility could hinder the performance of some of\nits mission essential functions.\n\nComponent I\n\nComponent I was responsible for one facility with 45 servers that\ndid not have a fully operational disaster recovery site. Component I\nplans on using a remote facility as a recovery site. Currently, the\nidentified site does not have all the equipment necessary to act as a\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                    Page 12\n\x0c             fully operational disaster recovery site. Component I may be able\n             to function for an extended period of time without the\n             administrative IT systems operating at its facility.\n\n             Component J\n\n             Component J, responsible for a facility with 19 servers, had\n             performed a successful COOP exercise in July 2004 but identified\n             the need for additional data storage and connectivity\n             improvements. Some of the identified improvements, however,\n             will not be implemented until the component relocates to a new\n             facility in the third quarter of fiscal year 2005.\n\nDisaster Recovery Documentation Needs Improvement\n             We reviewed disaster recovery related planning documents, in\n             particular, the components\xe2\x80\x99 COOP and contingency plans. A\n             significant number of the planning documentation did not contain\n             current or required information. In particular, the components had\n             not finalized 13 of the 31 (42%) planning documents reviewed,\n             and 25 of the 31 (81%) documents had deficiencies. The results of\n             the documentation review are summarized below in Table 1,\n             Summary of Disaster Recovery Planning Documents Reviewed.\n\n                Table 1: Summary of Disaster Recovery Planning Documents\n                                       Reviewed\n\n                                                         Number\n                                                         That       Number\n                              Number         Number      Comply     With\n                              Reviewed       in Draft    With FPC   Identified\n                                                         65 or      Deficiencies\n                                                         NIST SP\n                                                         800-34\n             COOP Plans       10             3           7          4\n                                             (30%)       (70%)      (40%)\n             Contingency      21             10          13         21\n             Plans                           (48%)       (62%)      (100%)\n             Total            31             13          20         25\n                                             (42%)       (65%)      (81%)\n\n             See Appendix D, DHS Disaster Recovery Planning Documents\n             Reviewed, for details.\n\n\n              DHS Disaster Recovery Planning Needs Improvement\n\n\n                                   Page 13\n\x0c             Adequate COOP and contingency plans provide DHS management\n             with some assurance that mission essential functions will be\n             performed despite a disruption in operations. Without adequate\n             disaster recovery documentation, DHS may not be able to restore\n             critical IT systems supporting those functions within required time\n             frames.\n\n             We reviewed the 10 COOP plans to determine if they complied\n             with FPC 65. Six of the 10 (60%) COOP plans were not accurate\n             or current or did not contain required information, such as an\n             inventory of critical IT systems. Adequate COOP plans are\n             required to ensure the continued performance of mission essential\n             functions under all circumstances.\n\n             Additionally, we reviewed contingency plans for IT systems to\n             determine if they complied with NIST SP 800-34. Just over half of\n             the contingency plans complied with the NIST format and\n             contained the recommended information. We reviewed the\n             contingency plans to determine whether they could serve as a\n             template to execute the recovery strategy for the IT systems in the\n             event of a disruption. Deficiencies existed in all the contingency\n             plans reviewed. For example, while NIST SP 800-34 recommends\n             that the business impact analysis be performed and included in the\n             contingency plan, only one such analysis was performed. Without\n             performing this analysis, there is no guarantee that the recovery\n             strategy employed will ensure that critical systems are restored\n             within required time frames.\n\nDHS Does Not Have an Enterprise-Wide Disaster Recovery Program\n             DHS has not implemented a DHS-wide program to coordinate and\n             upgrade the disaster recovery capability for its critical IT systems.\n             The disaster recovery program was inadequate at each of the\n             facilities reviewed. Further, the DHS components responsible for\n             those facilities are trying to resolve identified IT disaster recovery\n             deficiencies at the component level even though several of the\n             components have not been able to identify the funds or resources\n             necessary to implement an adequate disaster recovery capability.\n             Disaster recovery weaknesses at all DHS components may not be\n             resolved fully until implementation of an enterprise-wide disaster\n             recovery solution.\n\n             The CIO had taken some actions to implement a DHS-wide\n             disaster recovery solution prior to the start of this audit. First, the\n\n              DHS Disaster Recovery Planning Needs Improvement\n\n\n                                  Page 14\n\x0cCIO formed the Enterprise Infrastructure Board (EIB) and\nchartered this board with several infrastructure consolidation\ninitiatives to meet the vision of \xe2\x80\x9cOne Network, One Infrastructure,\nOne DHS.\xe2\x80\x9d The EIB produced a draft in October 2003, Roadmap\nto One DHS IT Infrastructure Version 1. According to this\ndocument, DHS will integrate, consolidate, and transform diverse\ninfrastructures into one to create and implement a world class IT\ninfrastructure.\n\nSecond, the CIO created the DHS Data Center Consolidation\n(DCC) project to support the DHS IT infrastructure roadmap. The\nDCC project planned to provide DHS with two geographically-\nseparate data centers where all existing and future computing\ninfrastructure could be located. The two planned data centers were\nto provide mirror computing (duplicate computing resources) at\neach center. This plan would ensure that each center would have\nfull operational capability to support all data processing\nrequirements should the other data center fail. Further, the CIO\ncreated the DCC working group to survey DHS\xe2\x80\x99 legacy data\ncenters and request information concerning the size of the data\ncenters and disaster recovery capability. The group\xe2\x80\x99s efforts have\nbeen incorporated into DHS\xe2\x80\x99 Infrastructure Transformation Office,\nwhich is responsible for achieving the agency-wide goal of one\ninfrastructure.\n\nThe Infrastructure Transformation Office has developed a program\nto transition the IT infrastructures of the individual DHS\ncomponents into an integrated infrastructure. However, this\nprogram has not made the consolidation of DHS\xe2\x80\x99 data centers a\nhigh priority. As a result, the CIO has not informed the\ncomponents when a consolidated data center will be available to\nperform disaster recovery activities.\n\n\n\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                    Page 15\n\x0cRecommendations\n             We recommend that the DHS CIO:\n\n             Recommendation 1: Allocate the funds needed to implement an\n             enterprise-wide disaster recovery program for mission critical\n             systems.\n\n             Recommendation 2: Require that disaster recovery capabilities\n             are included in the planning and implementation of new systems.\n\n             Recommendation 3: Require that disaster recovery-related\n             documentation for mission critical systems be completed and\n             conform to current government standards.\n\n\nManagement Comments and Our Evaluation\n             We obtained written comments on a draft of this report from DHS.\n             We have incorporated the comments where appropriate and\n             included a copy of the comments in their entirety as Appendix B.\n             DHS generally agreed with each of our recommendations. Below\n             is a summary of DHS\xe2\x80\x99 response to each recommendation and our\n             assessment of the response.\n\n             Recommendation 1: Allocate the funds needed to implement an\n             enterprise-wide disaster recovery program for mission critical\n             systems.\n\n             The DHS Office of the CIO agrees that additional funding could be\n             applied toward the development of an enterprise-wide disaster\n             recovery program for mission critical systems. The report\n             recognizes the efforts of the DHS Infrastructure Transformation\n             Office, which is analyzing DHS data centers to determine the most\n             effective and efficient way to provide these capabilities. This\n             effort will also incorporate a DHS-wide disaster recovery program.\n\n             We accept DHS\xe2\x80\x99 response to incorporate a DHS-wide disaster\n             recovery program as part of the Infrastructure Transformation\n             Office\xe2\x80\x99s efforts. However, DHS has not identified the additional\n             funds that might be applied to this effort or how soon a suitable\n             DHS disaster recovery alternate facility may be acquired.\n\n\n\n\n             DHS Disaster Recovery Planning Needs Improvement\n\n\n                                 Page 16\n\x0cRecommendation 2: Require that disaster recovery capabilities\nare included in the planning and implementation of new systems.\n\nThe DHS Office of the CIO concurs. In its comments, the DHS\nOffice of CIO states that the report correctly concludes that there is\na lack of readiness amongst DHS operational elements concerning\nIT disaster recovery capability and protocols. Many of the\ngeographically dispersed IT assets of DHS are inappropriately\nhoused in urban office buildings and depend entirely on public\ntelecommunications infrastructure for interconnectivity. DHS\nstates that it plans to address these issues through its Infrastructure\nTransformation Office effort.\n\nWe accept DHS\xe2\x80\x99 response to address these issues through the\nInfrastructure Transformation Office.\n\nRecommendation 3: Require that disaster recovery related\ndocumentation for mission critical systems be completed and\nconform to current government standards.\n\nThe DHS Office of the CIO does not dispute the importance of\nhaving disaster recovery related documentation for mission critical\nsystems developed to consistent standards.\n\nWe accept DHS\xe2\x80\x99 response as to the importance of having adequate\nand standardized disaster recovery related documentation.\n\n\n\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                    Page 17\n\x0c              Appendix A\n              Purpose, Scope, and Methodology\n\n\n\n\nPurpose, Scope, and Methodology\n              The overall objective of this audit was to evaluate the effectiveness\n              of DHS\xe2\x80\x99 acquisition and management of disaster recovery alternate\n              sites for the general support systems comprising its network\n              backbone. Nineteen DHS facilities were within the audit scope.\n              These facilities are the responsibility of:\n\n                  \xe2\x80\xa2   Border and Transportation Security\n                          o Customs and Border Protection\n                          o Federal Law Enforcement Training Center\n                          o Transportation Security Administration\n                  \xe2\x80\xa2   Emergency Preparedness and Response\n                          o Federal Emergency Management Agency\n                  \xe2\x80\xa2   Immigration and Customs Enforcement\n                  \xe2\x80\xa2   Information Analysis and Infrastructure Protection\n                  \xe2\x80\xa2   DHS Management Directorate\n                  \xe2\x80\xa2   The Office of Inspector General\n                  \xe2\x80\xa2   The United States Coast Guard\n                  \xe2\x80\xa2   The United States Secret Service\n\n              We reviewed DHS communications diagrams, facility surveys,\n              prior audit reports, disaster recovery related documentation, such\n              as COOP and contingency plans, and wiring diagrams. Auditors\n              performed on-site inspections, interviewed key personnel, and\n              contracted for an IV&V assessment of disaster recovery plans and\n              tests. OIG auditors and IV&V contractors also observed disaster\n              recovery tests. Fieldwork was performed at Washington, DC area\n              facilities, as well as at other facilities around the country.\n\n\n\n\n               DHS Disaster Recovery Planning Needs Improvement\n\n\n                                   Page 18\n\x0cAppendix A\nPurpose, Scope, and Methodology\n\n\n\n\nWe provided the CIO and DHS components with briefings and\npresentations concerning the results of fieldwork and the\ninformation summarized in this report. Additionally, we provided\ncomments on other deficiencies observed at the operating facilities,\nincluding:\n\n    \xe2\x80\xa2   Servers not backed-up.\n    \xe2\x80\xa2   Servers not connected to an uninterruptible power supply.\n    \xe2\x80\xa2   Servers and telecommunications equipment without\n        adequate environmental and electrical controls.\n    \xe2\x80\xa2   Server rooms lacking adequate fire detection or suppression\n        systems.\n    \xe2\x80\xa2   Inadequate storage of backup tapes.\n    \xe2\x80\xa2   Lack of redundancy in the telecommunications system.\n    \xe2\x80\xa2   Wiring closets in unsecured locations or without adequate\n        environmental controls.\n    \xe2\x80\xa2   Disaster recovery test not monitored by government\n        personnel.\n\nWe conducted this audit between November 2003 and December\n2004 at various DHS directorate and organizational elements in the\nWashington, DC metropolitan area and around the country. We\nperformed its work according to generally accepted government\nauditing standards and pursuant to the Inspector General Act of\n1978, as amended.\n\nWe appreciate the efforts by DHS management and staff to provide\nthe information and access necessary to accomplish this audit. The\nprincipal OIG points of contact for the audit are Frank Deffer,\nAssistant Inspector General for Information Technology Audits\n(202) 254-4100 and Roger Dressler, Director, Information Systems\nand Architectures (202) 254-5441. Major OIG contributors to the\naudit are identified in Appendix E.\n\n\n\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                    Page 19\n\x0cAppendix B\nManagement\xe2\x80\x99s Response\n\n\n\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                    Page 20\n\x0cAppendix B\nManagement\xe2\x80\x99s Response\n\n\n\n\nDHS Disaster Recovery Planning Needs Improvement\n\n\n                    Page 21\n\x0c      Appendix B\n      Management\xe2\x80\x99s Response\n\n\n\n\n(b)\n(b)\n\n\n\n(b)\n\n(b)\n\n\n\n\n      DHS Disaster Recovery Planning Needs Improvement\n\n\n                          Page 22\n\x0c                   Appendix C\n                   DHS Facilities Reviewed\n\n\n\n\n                   Recovery Site Status for Selected DHS Facilities\n\n                            Facility\n           Component        Servers/\nFacility   Responsible     Mainframes         Recovery                 Comments\n                                                 Site\n   1           A                103/1        No Identified      Relying on DHS-wide\n                                              Recovery           initiatives to resolve\n                                                 Site                 deficiencies.\n   2           A                125/8        No Identified      Relying on DHS-wide\n                                              Recovery           initiatives to resolve\n                                                 Site                 deficiencies.\n   3           A                 4/0          Not Fully        Purchasing necessary IT\n                                             Operational                 assets.\n   4           B                41/0          Not Fully        Implementing necessary\n                                             Operational          recovery strategies.\n   5           B                200/0         Not Fully        Implementing necessary\n                                             Operational          recovery strategies.\n   6           B                32/0         No Identified     Needs to fund additional\n                                              Recovery                capabilities.\n                                                 Site\n   7           C                180/6        Operational     Cannot restore a critical\n                                                           system in the required time\n                                                                     frame.\n   8           D                97/0          Not Fully     Implementing identified\n                                             Operational      recovery capabilities.\n   9           D                86/0         No Identified    Developing recovery\n                                              Recovery             strategies.\n                                                 Site\n  10           D                27/0         No Identified    Developing recovery\n                                              Recovery             strategies.\n                                                 Site\n  11           D                10/0         No Identified    Developing recovery\n                                              Recovery             strategies.\n                                                 Site\n\n\n\n\n                    DHS Disaster Recovery Planning Needs Improvement\n\n\n                                        Page 23\n\x0c                    Appendix C\n                    DHS Facilities Reviewed\n\n\n\n\n           Recovery Site Status for Selected DHS Facilities (Continued)\n\n           Component         Facility         Recovery\nFacility   Responsible       Servers/         Site Status              Comments\n                            Mainframes\n  12            E              97/2           Operational      Implementing a recovery\n                                                                  site that is at a more\n                                                               acceptable distance from\n                                                                  the primary facility.\n  13            F                50/0          Not Fully            Needs to purchase\n                                              Operational         additional IT assets.\n  14            F                94/0         Operational      Implementing a recovery\n                                                                  site that is at a more\n                                                               acceptable distance from\n                                                                  the primary facility.\n  15            G                35/0          Not Fully       Needs to fund additional\n                                              Operational              capabilities.\n  16            G                14/0          Not Fully       Implementing necessary\n                                              Operational          recovery strategies.\n  17            H                14/0          Not Fully            Needs to purchase\n                                              Operational         additional IT assets.\n  18            I                45/0          Not Fully        Relying on DHS-wide\n                                              Operational         initiatives to resolve\n                                                                       deficiencies.\n  19            J                19/0         Operational       Additional capabilities\n                                                                under consideration for\n                                                              implementation following\n                                                                 relocation of primary\n                                                                          facility.\n\n\n\n\n                    DHS Disaster Recovery Planning Needs Improvement\n\n\n                                         Page 24\n\x0c                            Appendix D\n                            Disaster Recovery Planning Documents Reviewed\n\n\n\n\n                              Continuity of Operations Documents\n\n                                              Draft      FPC 65\nComponent             Document Title             /      Compliance                Comments\n                                              Final\n         B          Component B               Final     Yes               No deficiencies identified.\n                    Continuity of\n                    Operations (COOP)\n                    Plan 1\n         C          *Component C              Final     No                On site IV&V revealed\n                    COOP Plan 17                                          that the COOP plan\n                                                                          contained inaccurate\n                                                                          information.\n         C          *Component C              Final     No                Did not contain line of\n                    COOP Plan 2                                           succession information.\n         D          Component D               Draft     Yes               No deficiencies identified.\n                    COOP Plan 1\n         E          Component E               Final     Yes               Minor comments, for\n                    COOP Plan 1                                           example: Vital records\n                                                                          and databases not\n                                                                          described in sufficient\n                                                                          detail.\n         F          Component F               Final     Yes                This COOP plan does not\n                    COOP Plan 1                                            appear to be a final\n                                                                           product. The plan does\n                                                                           not provide the inventory\n                                                                           of mission critical\n                                                                           systems and data\n                                                                           necessary to conduct\n                                                                           essential operations.\n         F          *Component F              Final     Yes               No deficiencies identified.\n                    COOP Plan 2\n         F          *Component F              Final     Yes               This document is a\n                    COOP Plan 3                                           divisional level checklist\n                                                                          that was designed to\n                                                                          supplement the\n                                                                          Component F COOP Plan\n                                                                          2.\n\n\n7\n    The OIG\xe2\x80\x99s IV&V contractor reviewed documents that are denoted with an asterisk (\xe2\x80\x98*\xe2\x80\x99).\n\n                             DHS Disaster Recovery Planning Needs Improvement\n\n\n                                                  Page 25\n\x0c                 Appendix D\n                 Disaster Recovery Planning Documents Reviewed\n\n\n\n\n              Continuity of Operations Documents (Continued)\n\n                                  Draft      FPC 65\nComponent    Document Title         /       Compliance               Comments\n                                  Final\n    I       *Component I          Draft     No               Does not identify essential\n            COOP Plan 1                                      functions\n\n    J       Component J           Draft     Yes              No deficiencies identified.\n            COOP Plan 1\n\n\n\n\n                  DHS Disaster Recovery Planning Needs Improvement\n\n\n                                      Page 26\n\x0c                  Appendix D\n                  Disaster Recovery Planning Documents Reviewed\n\n\n\n\n                         Contingency Plan Documents\n\n                                                    NIST\n                                  Draft/            SP 800-34\nComponent Document Title          Final             Compliance        Comments\n   A      Component A             Draft             No                Does not contain\n          Contingency Plan 1                                          plan activation.\n   E      Component E Contingency Draft             No                No Business Impact\n          Plan 1                                                      Analysis was\n                                                                      provided.\n    E      Component E Contingency Draft            No                No Business Impact\n           Plan 2                                                     Analysis was\n                                                                      provided\n    F      Component F Contingency       Final      Yes               Does not include\n           Plan 1                                                     recommended\n                                                                      appendices (e.g.,\n                                                                      vendor contact list,\n                                                                      service level\n                                                                      agreements,\n                                                                      equipment and\n                                                                      specifications).\n    F      Component F Contingency       Draft      Yes               Does not include\n           Plan 2                                                     recommended\n                                                                      appendices (e.g.,\n                                                                      Emergency\n                                                                      Management,\n                                                                      Occupant Evacuation\n                                                                      and Continuity of\n                                                                      Operations plans).\n    F      Component F Contingency       Final      Yes               Contingency Plan\n           Plan 3                                                     Manager not\n                                                                      identified.\n    F      Component F Contingency       Final      Yes               Order of succession\n           Plan 4                                                     not included.\n    F      Component F Contingency       Draft      Yes               Order of succession\n           Plan 5                                                     not included.\n    F      Component F Contingency       Draft      Yes               Order of succession\n           Plan 6                                                     not included.\n\n\n\n\n                   DHS Disaster Recovery Planning Needs Improvement\n\n\n                                       Page 27\n\x0c                  Appendix D\n                  Disaster Recovery Planning Documents Reviewed\n\n\n\n\n                  Contingency Plan Documents (Continued)\n\n                                                    NIST\n                                         Draft/     SP 800-34\nComponent Document Title                 Final      Compliance        Comments\n   F      Component F Contingency        Draft      Yes               Does not include\n          Plan 7                                                      recommended\n                                                                      appendices (e.g.,\n                                                                      Business Impact\n                                                                      Analysis, Occupant\n                                                                      Evacuation Plan,\n                                                                      Emergency\n                                                                      Management Plan).\n    F      Component F Contingency       Draft      Yes               Does not include\n           Plan 8                                                     recommended\n                                                                      appendices (e.g.,\n                                                                      Business Impact\n                                                                      Analysis, Occupant\n                                                                      Evacuation Plan, and\n                                                                      Emergency\n                                                                      Management Plan).\n    F      Component F Contingency       Final      Yes               Does not include\n           Plan 9                                                     recommended\n                                                                      appendices (e.g.,\n                                                                      Business Impact\n                                                                      Analysis, Occupant\n                                                                      Evacuation Plan, and\n                                                                      Emergency\n                                                                      Management Plan).\n    F      Component F Contingency       Final      No                There is no\n           Plan 10                                                    designated alternate\n                                                                      site.\n    F      Component F Contingency       Final      Yes               Does not include\n           Plan 11                                                    recommended\n                                                                      appendices (e.g.,\n                                                                      Business Impact\n                                                                      Analysis, Emergency\n                                                                      Management Plan,\n                                                                      and Occupant\n                                                                      Emergency Plan).\n\n\n\n                   DHS Disaster Recovery Planning Needs Improvement\n\n\n                                       Page 28\n\x0c                            Appendix D\n                            Disaster Recovery Planning Documents Reviewed\n\n\n\n\n                            Contingency Plan Documents (Continued)\n\n                                                                NIST\n                                                    Draft/      SP 800-34\nComponent Document Title                            Final       Compliance       Comments\n   F      Component F Contingency                   Final       No               This may not be a\n          Plan 12                                                                final document as\n                                                                                 some appendices\n                                                                                 have sections labeled\n                                                                                 \xe2\x80\x98To Be Determined\xe2\x80\x99\n                                                                                 (e.g., Appendix C-\n                                                                                 08C).\n        G         *Component G                      Draft       Yes              Tape backup\n                  Contingency Plan 18                                            procedures were not\n                                                                                 defined.\n        G         *Component G                      Draft       Yes              Alternate site was\n                  Contingency Plan 2                                             not designated.\n        I         *Component I                      Final       No               The plan is only\n                  Contingency Plan 1                                             designed for local\n                                                                                 situations that do not\n                                                                                 require the use of an\n                                                                                 alternate facility.\n        J         Component J Contingency           Final.      No               Order of succession\n                  Plan 1                                                         not included.\n        J         Component J Contingency           Final       No               Does not contain\n                  Plan 2                                                         plan activation.\n        J         Component J Contingency           Final       No               Does not contain\n                  Plan 3                                                         plan activation.\n\n\n\n\n8\n    The OIG\xe2\x80\x99s IV&V contractor reviewed documents that are denoted with an asterisk (\xe2\x80\x98*\xe2\x80\x99).\n\n\n                             DHS Disaster Recovery Planning Needs Improvement\n\n\n                                                  Page 29\n\x0cAppendix E\nMajor Contributors To This Report\n\n\n\n\nInformation Systems and Architectures Division\n\nRoger Dressler, Director\nKevin Burke, Audit Manager\nKaren Nelson, Auditor\nDomingo Alvarez, Auditor\nScott Sammons, Auditor\nTim Walton, Referencer\n\n\n\n\n DHS Disaster Recovery Planning Needs Improvement\n\n\n                     Page 30\n\x0cAppendix F\nReport Distribution\n\n\n\n\nDepartment of Homeland Security\n\nSecretary\nDeputy Secretary\nGeneral Counsel\nUnder Secretary, Management\nDHS GAO/OIG Liaison Officer\nDHS Chief Information Security Officer\nDHS Office of Security\nDHS Public Affairs\nCIO Audit Liaison\nDirector, Compliance and Oversight Program, OCIO\n\n\nOffice of Management and Budget\n\nChief, Homeland Security Branch\nDHS OIG Budget Examiner\n\nCongress\n\nAppropriate Congressional Oversight and Appropriations\nCommittees\n\n\n\n\n DHS Disaster Recovery Planning Needs Improvement\n\n\n                      Page 31\n\x0cAdditional Information and Copies\n\nTo obtain additional copies of this report, call the Office of Inspector General\n(OIG) at (202) 254-4100, fax your request to (202) 254-4285, or visit the OIG\nweb site at www.dhs.gov/oig.\n\nOIG Hotline\n\nTo report alleged fraud, waste, abuse or mismanagement, or any other kind\nof criminal or noncriminal misconduct relative to department programs or\noperations, call the OIG Hotline at 1-800-323-8603; write to DHS Office of\nInspector General/MAIL STOP 2600, Attention: Office of Investigations \xe2\x80\x93\nHotline, 245 Murray Drive, SW, Building 410, Washington, DC 20528; fax\nthe complaint to (202) 254-4292; or email DHSOIGHOTLINE@dhs.gov. The\nOIG seeks to protect the identity of each writer and caller.\n\x0c'